Researchers from Zscaler have discovered a campaign that uses vulnerable WordPress sites to collect and leak user credentials via a backdoor.
The cybercriminals' backdoor is activated once a WordPress user logs in via the login page.
The log data is encrypted and sent to a specific domain. The vulnerability is exploited in such a way that the user is not alerted once logged in.
The following is a sample list of WordPress websites compromised through this campaign: